1 # SPDX-License-Identifier: GPL-2.0
4 bool "FS Verity (read-only file-based authenticity protection)"
6 # SHA-256 is selected as it's intended to be the default hash algorithm.
7 # To avoid bloat, other wanted algorithms must be selected explicitly.
10 This option enables fs-verity. fs-verity is the dm-verity
11 mechanism implemented at the file level. On supported
12 filesystems (currently EXT4 and F2FS), userspace can use an
13 ioctl to enable verity for a file, which causes the filesystem
14 to build a Merkle tree for the file. The filesystem will then
15 transparently verify any data read from the file against the
16 Merkle tree. The file is also made read-only.
18 This serves as an integrity check, but the availability of the
19 Merkle tree root hash also allows efficiently supporting
20 various use cases where normally the whole file would need to
21 be hashed at once, such as: (a) auditing (logging the file's
22 hash), or (b) authenticity verification (comparing the hash
23 against a known good value, e.g. from a digital signature).
25 fs-verity is especially useful on large files where not all
26 the contents may actually be needed. Also, fs-verity verifies
27 data each time it is paged back in, which provides better
28 protection against malicious disks vs. an ahead-of-time hash.
32 config FS_VERITY_DEBUG
33 bool "FS Verity debugging"
36 Enable debugging messages related to fs-verity by default.
38 Say N unless you are an fs-verity developer.
40 config FS_VERITY_BUILTIN_SIGNATURES
41 bool "FS Verity builtin signature support"
43 select SYSTEM_DATA_VERIFICATION
45 Support verifying signatures of verity files against the X.509
46 certificates that have been loaded into the ".fs-verity"
49 This is meant as a relatively simple mechanism that can be
50 used to provide an authenticity guarantee for verity files, as
51 an alternative to IMA appraisal. Userspace programs still
52 need to check that the verity bit is set in order to get an
53 authenticity guarantee.